Days Later, Global Fallout From CrowdStrike Outage Continues

Video of Transcript

• Days Later, Global Fallout From CrowdStrike Outage Continues

  This incident highlighted the risks that come with a monoculture software regime. Or essentially, when we're too reliant on specific products or specific companies like Microsoft, and that when we have a monoculture or don't have a diversity in our IT infrastructure, we then have a system that's susceptible to a single source of failure.

  So essentially, this single bug in a CrowdStrike update was able to cause damage across the globe.

  This was fortunately not a malicious actor attempt. And this should serve as a reminder, that this very well could have been, and because our society continues to be more interconnected, and more digitized, we need to think of security from the onset of every decision.

  And security cannot be an afterthought. And that goes in terms of who you employ in terms of ensuring that systems are diversified, in terms of knowing what software is in all your products. And also, I think a big part of that is also shifting burden outside of the consumer to software providers and more generally.

  While this bug was most likely a result of a lack of testing and would have been more easily mitigated with fail safes and a phased rollout, CrowdStrike has been incredibly transparent and has been working nonstop to try to help impacted customers in terms of providing different fixes, providing videos in terms of how to manually fix it yourself.

  With that all said, it will still take multiple weeks for all impacted systems to be operational again. and I think we will be seeing organizational changes within CrowdStrike, to make sure, and minimize the chances of this occurring again.

  And the near term, while this was not an attack, it did not stem from a malicious actor, we still need to remember that most actors take advantage of chaos and are actively doing that right now. So we need to make sure that people try to verify all information they receive and make sure that they're working with trusted partners.

  In terms of the long term, cybersecurity software updates need to go through the same rigorous testing and expectations that other software updates go through. So in terms of testing, having phased rollouts and taking the steps needed to make sure that, each change we make, if something goes wrong with it, we're taking the steps to minimize any damage.